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Art Unit: 2435 

DETAILED ACTION 

1. Applicant's Appeal Brief filed on March 25, 2010 has been carefully 
considered by an Appeal Conference. The conferees agreed that references do not 
disclose generating the physical port security bit map. Thus the finality of the Office 
Action mailed on December 2, 2009 is now withdrawn. Claims 1-24 are pending. 

In view of the Appeal Brief filed on March 25, 2010, PROSECUTION IS 
HEREBY REOPENED. 

To avoid abandonment of the application, appellant must exercise one of 
the following two options: 

(1 ) file a reply under 37 CFR 1 . 1 1 1 (if this Office action is non-final) or a 
reply under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 
followed by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal 
fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees 
set forth in 37 CFR 41 .20 have been increased since they were previously paid, then 
appellant must pay the difference between the increased fees and the amount 
previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening 
prosecution by signing below. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
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at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

3. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Authurs et al. (U.S. Patent No. 4,896,934), hereinafter "Authurs", in view of Sawey 
(U.S. Patent No. 7,151,777 B2), and further in view of admitted prior art of Ross et al. 
(U.S. Patent No. 6,658,002 B1), hereinafter "Ross". 

Referring to claim 1 : 

i. Authurs teaches: 

A method of providing physical port security in a digital 
communication system, comprising: 

receiving a frame of digital data at a network device (see figure 3 
'packet format', of Authurs); 

a destination port bit map based on the destination address 
information contained in said frame of digital data (see figure 3, element 'destination bit- 
map field'; and column 5, lines 50-54, of Authurs); 

comparing said destination port bit map with the physical port 
availability bit map to generate a bit map of allowed destination ports, wherein said 
physical port availability bit map is generated, after said receiving, based on information 
in said received frame of digital data (see column 5, lines 58-65; column 6, lines 4-9; 
and column 7, lines 1-3, of Authurs); and 

forwarding said frame of digital data to one or more of said allowed 
destination ports (see figure 1, elements 14-1..14-n 'output ports', of Authurs). 

Authurs discloses generating the physical port availability bit map. 
However, Authurs does not specifically mention the physical port security bit map. 

Authurs further discloses using the destination port bit map. 
However, Authurs does not specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
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destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

On the other hand, Ross teaches a method for performing logical 
operations for packet processing, wherein Ross discloses generating a physical port 
security bit map based on information in said received frame of digital data (see column 
3, line 58 to column 4, line 1 'Thus, if the rule is "deny packets from port 80 ," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., a physical port security bit map]. Note 
that, as the rules are typically more complex than simple filters on port numbers, the 
CAM entries typically consists of multiple fields corresponding to the parts of the 
conventional flow label of a packet . Such fields typically include the IP source address, 
IP destination address [i.e., information of the packet], source port number, destination 
port number, type of service (TOS), and Layer 3 and Layer 4 protocol identification.', of 
Ross, emphasis added). 

iii. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Authurs to generate a destination port 
bit map, because Authurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1, lines 5-8, of Authurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Authurs's 
system. 

The ordinary skilled person would have been motivated to have 
applied the teaching of Ross into the system of Authurs to generate the physical port 
security bit map, because Authurs teaches "Illustratively, the electronic control network 
is in the form of a track which sequentially links all of the input ports and output ports. 
At the beginning of the track is a token generator which generates control tokens . The 
control tokens are passed sequentially around the track from port to port." (see column 
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2, lines 58-63, of Authurs, emphasis added). Ross teaches "The present invention 
generally concerns data communications systems, in particular internetworking systems 
and specifically access control techniques for such systems." (see column 1, lines 13- 
15, of Ross, emphasis added). Therefore, Rossn's teaching could enhance Authurs's 
system. 

Referring to claims 2, 13 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Authurs further discloses the logical AND (see figure 13A; and column 5, line 64, of 
Ross). 

Referring to claims 3-5, 14-16, 23 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
They further disclose the source address and the destination address (see column 3, 
line 58 to column 4, line 1 , of Ross). 
Referring to claims 6, 17, 22 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Authurs further discloses the IP address (see column 2, line 57, of Ross). 
Referring to claims 7, 18 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Authurs further discloses the router (see column 2, lines 31-33, of Authurs). 
Referring to claims 8, 19 : 

Authurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the network 
file server (see column 1 , lines 51 -52, of Ross). 
Referring to claims 9, 20: 
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Authurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the local area 
network (see column 1 , line 35, of Ross). 
Referring to claim 10 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
They further discloses the process (see column 1 , line 51 , of Sawey). 
Referring to claim 1 1 : 

Authurs, Sawey, and Ross teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Ross further discloses that the physical port security bit map is generated dynamically 
based on a variable parameter (see e.g. column 3, line 58 to column 4, line 1 , of Ross). 
Referring to claim 12 : 

i. Authurs teaches: 

A system for providing physical port security, comprising: 
at least one processor within a network device, said network device 
having a communication port for receiving digital data from a digital communications 
system and two or more physical data ports for forwarding said digital data, said at least 
one of processor enables (see figure 1, element 10; and column 2, lines 31-33, of 
Authurs): 

a destination port bit map based on destination address information 
contained in said received digital data (see figure 3, element 'destination bit-map field'; 
and column 5, lines 50-54, of Authurs); 

comparing of said destination port bit map within a physical port 
availability bit map to generate a bit map of allowed destination ports, wherein said 
physical port availability bit map is generated, after said receiving, based on information 
within said received digital data (see column 5, lines 58-65; column 6, lines 4-9; and 
column 7, lines 1-3, of Authurs); and 

forwarding of said digital data to one or more of said allowed 
destination ports (see figure 1, elements 14-1..14-n 'output ports', of Authurs). 
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Authurs discloses generating the physical port availability bit map. 
However, Authurs does not specifically mention the physical port security bit map. 

Authurs further discloses using the destination port bit map. 
However, Authurs does not specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

On the other hand, Ross teaches a method for performing logical 
operations for packet processing, wherein Ross discloses generating a physical port 
security bit map based on information in said received frame of digital data (see column 
3, line 58 to column 4, line 1 'Thus, if the rule is "deny packets from port 80 ," the 
corresponding CAM entry is a bit string representing a value of 80 in the portion of the 
string corresponding to the port number [i.e., a physical port security bit map]. Note 
that, as the rules are typically more complex than simple filters on port numbers, the 
CAM entries typically consists of multiple fields corresponding to the parts of the 
conventional flow label of a packet . Such fields typically include the IP source address, 
IP destination address [i.e., information of the packet], source port number, destination 
port number, type of service (TOS), and Layer 3 and Layer 4 protocol identification.', of 
Ross, emphasis added). 

iii. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Authurs to generate a destination port 
bit map, because Authurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1 , lines 5-8, of Authurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Authurs's 
system. 
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The ordinary skilled person would have been motivated to have 
applied the teaching of Ross into the system of Authurs to generate the physical port 
security bit map, because Authurs teaches "Illustratively, the electronic control network 
is in the form of a track which sequentially links all of the input ports and output ports. 
At the beginning of the track is a token generator which generates control tokens . The 
control tokens are passed sequentially around the track from port to port." (see column 
2, lines 58-63, of Authurs, emphasis added). Ross teaches "The present invention 
generally concerns data communications systems, in particular internetworking systems 
and specifically access control techniques for such systems." (see column 1, lines 13- 
15, of Ross, emphasis added). Therefore, Rossn's teaching could enhance Authurs's 
system. 

Referring to claim 21 : 

Authurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the IP data 
(see column 1 , line 29 'data packet', of Ross). 

Referring to claims 24 : 

Authurs, Sawey, and Ross teach the claimed subject matter: an 
intermediate network device (see claim 12 above). Ross further discloses that the 
physical port security bit map is dynamically altered based on a variable parameter (see 
e.g. column 3, line 58 to column 4, line 1 , of Ross). 

Response to Arguments 

4. Applicant's following arguments, filed on March 25, 2010, have been fully 
considered but they are not persuasive. 



(a) Applicant argues: 
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"The answer is that a person of ordinary skill in the art simply would not make 
this combination. There would be no need to "generate" a destination bit map if it 
already existed." (see page 8, 1st paragraph). 

Examiner maintains: 

Sawey discloses "For received multicast packets, switch 10 uses a potentially 
iterative process to ensure delivery of the packets to all appropriate output modules 14. 
Upon receiving a multicast packet, the receiving input module 12 identifies those output 
modules 14 indicated to receive a copy of the packet. For example, input module 12 
may access a table mapping multicast addresses to output modules 14. Using the 
table, input module 12 can determine the particular output modules 14 indicated based 
upon the multicast address within the received packet . Input module 12 uses this 
mapping information to generate a port map identifying those output modules 14 that 
should receive a copy of the packet." (see column 3, lines 36-47, of Sawey, emphasis 
added). 

Therefore, a person of ordinary skill in the art simply would make this 
combination to use the table-driven, dynamic method to generate a destination port bit 
map, as taught by Sawey. 

(b) Applicant argues: 

"In this regard, Arthurs' Output Availability Field is not generated after receiving 
of the frame of digital data." (see page 10, 1st paragraph). 
Examiner maintains: 

Authurs discloses "The operation of the switch 10 of FIG. 1 may be described as 
follows. Packets arriving via the incoming trunks 16-1 . . . 16-N are buffered at the 
corresponding input ports 12-1 . . . 12-N. These packets are transmitted from 
the input ports 12-1 . . . 12-N to the output ports 14-1 . . . 14-N in transmission cycles . 

Each transmission cycle comprises two control phases and a transmission 
phase. During the first control phase, a token generated by the token generator 32 is 
passed sequentially along the track 31 from one input port 12 to the next. The input 
ports 12 write information into the token indicating the output ports 14 to which their 
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packets are to be sent. In the second control phase, the token is passed sequentially 
along the track 31 from one output port 14 to the next . The output ports 14, by means 
of their interfaces 28, read the token and tune their receivers 26 to the appropriate input 
port wavelengths. During the transmission phase the packets are transmitted from 
the input ports 12 to the output ports 14 in optical form via the optical transmission 
network 20." (see column 4, line 63 to column 5, line 14, of Arthurs, emphasis added). 

Therefore, Arthurs' Output Availability Field is generated after receiving of the 
frame of digital data. 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272- 
5987. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



/Joseph Pan/ 

Examiner, Art Unit 2435 

June 16, 2010 

/Kimyen Vu/ 
Supervisory Patent Examiner, Art Unit 2435 



